CVE-2022-31188

HIGH

CVAT < 2.0.0 - Server-Side Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-31188. PoCs published by Emir Polat, emirpolatt.

AI-analyzed exploit summary: Both tracked PoCs drive the same primitive in CVAT before 2.0.0. An authenticated user with task-creation rights sends a multipart/form-data request to the task data endpoint (`/api/v1/tasks/<id>/data`; the published script hard-codes task 2) with an attacker-chosen URL in the `remote_files[0]` field, and the CVAT server fetches that URL itself. Because the request originates from the server, the URL can target loopback and internal addresses the attacker cannot reach directly, which is how the GitHub PoC probes other open ports on the host.

Description

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
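The page states that 2.0.0 closed the bug by validating the URLs in the affected code path. The block below is an added illustration in Python (CVAT's own language) of what such a screening check has to cover; it is not CVAT's code and not the validation CVAT 2.0.0 ships. It screens values of the kind the PoCs place in `remote_files[0]` and goes somewhat beyond the page: besides the loopback port probe the PoCs use, it rejects non-http schemes, userinfo tricks, IPv4-mapped IPv6 literals, bare-integer hosts that a libc resolver turns into 127.0.0.1, and hostnames that resolve to a mix of public and internal addresses. All names (`is_safe_remote_url`, `screen_remote_files`, `make_resolver`) and the DNS table are assumptions made for the example.

```python
"""Hardened URL screening for a "fetch this remote file" feature (CWE-918).

Added illustration, not CVAT's code and not the validation shipped in
CVAT 2.0.0. It models the class of check that closes the bug described
on this page: every URL a user supplies in a field like remote_files[0]
must be screened before the server fetches it. Every name here is an
assumption, not a CVAT identifier.
"""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# RFC 6598 shared address space; older Pythons do not treat it as private.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
Resolver = Callable[[str], Iterable[str]]


def resolve_all(host: str) -> List[str]:
    """Live resolver: every A/AAAA answer for host (needs network access)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def make_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Offline resolver over a constructed table; unknown names fail the
    way a real lookup does (socket.gaierror)."""
    def resolve(host: str) -> List[str]:
        try:
            return table[host.lower()]
        except KeyError:
            raise socket.gaierror(-2, "Name or service not known")
    return resolve


def _address_is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback in disguise; judge the embedded IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return False
    if isinstance(ip, ipaddress.IPv4Address) and ip in CGNAT:
        return False
    return True


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_safe_remote_url(url: str, resolver: Resolver = resolve_all) -> bool:
    """True only if url is http(s), carries no userinfo, has a well-formed
    port, and every address its host resolves to is publicly routable."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                      # file://, gopher://, ftp:// ...
    if parts.username is not None or parts.password is not None:
        return False                      # http://good.example@127.0.0.1/
    host = parts.hostname
    if not host:
        return False
    try:
        parts.port                        # raises ValueError on a bad port
    except ValueError:
        return False
    # A bare integer such as 2130706433 is not an IP literal to ipaddress,
    # but glibc resolves it to 127.0.0.1; it goes through the resolver and
    # is judged on what it actually resolves to.
    try:
        addrs = [host] if _is_ip_literal(host) else list(resolver(host))
    except OSError:                       # socket.gaierror is an OSError
        return False
    return bool(addrs) and all(_address_is_public(a) for a in addrs)


def screen_remote_files(urls: Iterable[str],
                        resolver: Resolver = resolve_all) -> List[str]:
    """Return the URLs of a remote_files[] submission that must be refused."""
    return [u for u in urls if not is_safe_remote_url(u, resolver)]


# Constructed DNS table so the demo runs offline.
DEMO_RESOLVER = make_resolver({
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "2130706433": ["127.0.0.1"],                  # glibc's view of a bare int
    "rebind.test": ["93.184.216.34", "10.0.0.5"],  # one public, one internal
})

if __name__ == "__main__":
    submitted = [
        "https://example.com/video.mp4",
        "http://127.0.0.1:22/",                   # loopback port probe, as in the PoC
        "http://[::ffff:127.0.0.1]:6379/",
        "http://169.254.169.254/latest/meta-data/",
        "http://2130706433/",
        "http://user@example.com@127.0.0.1/",
        "file:///etc/passwd",
        "http://rebind.test/",
    ]
    for bad in screen_remote_files(submitted, DEMO_RESOLVER):
        print("refused:", bad)
```

Two caveats a reviewer of such a check would raise. First, the screen resolves the name once; the HTTP client that later fetches the file resolves it again, so an attacker-controlled DNS name can answer with a public address during screening and an internal one at connect time. Either pin the screened address (connect to it and send the original Host header) or repeat the check inside the client's connection hook. Second, every redirect target is a fresh URL and must be screened again; an open 302 on a public host is the usual way around a one-shot check. Where the deployment allows it, an allowlist of permitted source hosts is simpler and stronger than this kind of range denylist.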

Exploits (2)

exploitdb WORKING POC
by Emir Polat · text · webapps · python
https://www.exploit-db.com/exploits/51030

Functional SSRF PoC for CVAT before 2.0.0: an authenticated multipart/form-data POST to `/api/v1/tasks/2/data` (task ID 2 is hard-coded in the script) places a malicious URL in the `remote_files[0]` field, and the CVAT server issues the HTTP request to that URL on the attacker's behalf.

Classification
Working Poc 95%
Attack Type
SSRF
Complexity
Trivial
Reliability
Reliable
Target: CVAT < 2.0.0
Auth required
Prerequisites: Valid authentication token · Access to the CVAT API endpoint
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC 5 stars
by emirpolatt · poc
https://github.com/emirpolatt/CVE-2022-31188

This repository contains a proof-of-concept for CVE-2022-31188, an SSRF vulnerability in OpenCV CVAT. The exploit demonstrates how an authenticated user can make the CVAT server issue an HTTP request to other ports open on its own host, turning the task-creation API into a port probe.

Classification
Working Poc 90%
Attack Type
SSRF
Complexity
Trivial
Reliability
Reliable
Target: OpenCV CVAT < 2.0.0
Auth required
Prerequisites: Valid user credentials with 'Task Create' authorization · Access to the CVAT API
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.6
EPSS 0.4785
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Note: PR:N in this vector does not match either tracked PoC, both of which need an authenticated account with task-creation rights; where accounts are not freely obtainable, the practical exposure is lower than the base score suggests.

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-918
Status published
Products (2)
cvat/computer_vision_annotation_tool < 2.0.0
cvat/cvat < 2.0.0
Published Aug 01, 2022
Tracked Since Feb 18, 2026